Steps to perform to "recover" the certifier id file:
Open the Domino Directory and navigate to the Certifier document.
Open the certifier document and take note of the path to the ICL database.
You will also see which user is authorized to access the certifier, these users are the CA Administrators.
Open the ICL database.
In the view "All Documents" search for documents with the form "IDStorage".
Depending on your environment you might have more than one document with the form "IDStorage", check the date on these documents and select the most recent document for the next action.
In the document you will find an attachment. In some cases the filename ends with ".id", sometimes it is ".tmp".
Ignore filename and extension and save the file as "your_certifier.id".
Now open the document properties window and click the field "Password".
The password will be shown in plaintext.
The password was created during the configuration of the CA-task, it does not match the old original password of the certifier id file.
The password string can be quite long and might look like a hashed or encrypted value but is in fact the correct password.
Final statement:
This is NOT a security problem of Domino. The certifier id file and the password are stored in an encrypted form. Only authorized users can retrieve the password.